1

I'm trying to unify code to list files whether they're in a directory or on the classpath.

I can get a URL to the location of the resource:

URI uri = FontManagerTestUtils.class.getResource("/fonts").toURI();
FileSystem fileSystem =
    FileSystems.newFileSystem(uri, Collections.emptyMap());

But the security manager doesn't like it:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/Users/tester/.gradle/caches/modules-2/files-2.1/com.acme.utilities/acme-utils/2.0.4/2c3dd60154b9f63c52ee0defe82422c2987f69b5/acme-utils-2.0.4.jar" "write")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
    at sun.nio.fs.UnixPath.checkWrite(UnixPath.java:801)
    at sun.nio.fs.UnixFileSystemProvider.checkAccess(UnixFileSystemProvider.java:294)
    at java.nio.file.Files.isAccessible(Files.java:2455)
    at java.nio.file.Files.isWritable(Files.java:2521)
    at com.sun.nio.zipfs.ZipFileSystem.<init>(ZipFileSystem.java:125)
    at com.sun.nio.zipfs.ZipFileSystemProvider.newFileSystem(ZipFileSystemProvider.java:117)
    at java.nio.file.FileSystems.newFileSystem(FileSystems.java:326)
    at java.nio.file.FileSystems.newFileSystem(FileSystems.java:276)

I don't particularly intend to write back into the jar, though, and my security policy does permit reading from jar files on the classpath, so is there a way to just tell it not to open it with write access?

Hakanai
  • 12,010
  • 10
  • 62
  • 132
  • That error is coming from a `SecurityManager`—it's an `AccessControlException` not an `AccessDeniedException` or a `ReadOnlyFileSystemException`. – Slaw Jul 02 '19 at 00:23
  • @Slaw yes, but as you can see, it's asking for "write" permission. My security policy does permit the "read" permission. – Hakanai Jul 02 '19 at 00:31
  • Looks like `ZipFileSystem` checks for write access to determine whether or not it will be read-only. Part of this process is involves consulting the `SecurityManager`, if one is installed. However, from looking at the source code it checks for write access in a `AccessController#doPrivileged` call (unlike when it checks for read access), which _possibly_ means granting write access to the `ZipFileSystem`'s code source _might_ work. – Slaw Jul 02 '19 at 00:38
  • @Slaw but I don't want to grant anybody access to write to my jar file cache. :( – Hakanai Jul 02 '19 at 00:41
  • Not sure what you want to achieve, but can you just catch the exception? – Scary Wombat Jul 02 '19 at 00:46
  • @ScaryWombat I can catch it, but I want to read from the filesystem, and if I can't create the filesystem in the first place that's kind of a bummer. :( – Hakanai Jul 03 '19 at 01:20

0 Answers0